4

Is there a comprehensive list over which keys and UUIDs provided by Azure are sensitive information?

For context, I am setting up a react app using react-adal. This requires me to provide the tenantID and clientID to the app. It would be trivial for anybody with a little know-how to extract those UUIDs from the application given the way I currently have it setup. It's a static app with no back-end service, so it all runs in the browser. I have the application setup as a App registration (registered app?), in AzureAD to allow users to login with their Office365 account for my organization. Almost all the tutorials online show setting it up the same way I am. However, some tutorials with screenshots almost always have the clientID censored in the screenshots.

Edit: While this question does solve my immediate need, I am in search of documentation from Microsoft concerning security best-practices in regards to Azure keys, UUIDs, etc.

Oxymoron
  • 1,380
  • 2
  • 19
  • 47
  • 1
    Does this answer your question? [Are Azure Subscription ID, AAD Tenant ID, and AAD App Client ID considered secret/PII?](https://stackoverflow.com/questions/45661109/are-azure-subscription-id-aad-tenant-id-and-aad-app-client-id-considered-secre) – Scorpion Nov 14 '19 at 16:38
  • solves my immediate need. I was hoping to find documentation from Microsoft on it to also include all the other UUIDs and potential configuration parameters used by Azure integrations. – Oxymoron Nov 14 '19 at 16:43

1 Answers1

2

Your tenant ID is public and refers to the entire Azure AD directory. It must be in order to be used for authentication. You can find it here.

Your client app ID is not secret, as it must be used with the client secret in order to obtain a token.

Scorpion
  • 784
  • 7
  • 25